U.S., Europe May Share Intelligence, But Not Privacy Rules

Protesters demonstrate in Berlin on Tuesday on the eve of President Obama's visit to the German capital. Obama is expected to encounter a more skeptical Germany in talks on trade and secret surveillance practices.

Odd Andersen
/ AFP/Getty Images

Originally published on June 18, 2013 3:55 pm

The United States and Europe stepped up cooperation on security issues after Sept. 11, 2001. But that doesn't mean they agree on everything. The latest point of friction: What are the rules when it comes to privacy rights?

The revelations about the National Security Agency's surveillance programs not only touched off a ferocious debate in the U.S. but also struck a nerve in Europe.

The Europeans appear to be reacting mostly to the reports that the NSA tapped the servers of Google, Facebook and other Internet companies for personal data. The companies have hundreds of millions of users worldwide, including in Europe.

And just as there has been mixed reaction in the U.S., the same is true in Europe.

Germany, however, has wrestled with memories of a police state under both Nazi rule and Stasi surveillance in East Germany during the Cold War. The reaction there has included a fair amount of outrage.

As The New York Times reports, since Sept. 11, the two sides have argued over "access to interbank transfer data and payments (a program known as Swift), and over the provision of passenger lists for airplanes flying to the United States from Europe. (France and Britain have similar requirements for planes flying there.)

"And there are continuing debates over whether individuals have the right to expunge data they posted in earlier, less circumspect days — what the French call 'the right to be forgotten.' "

Different Notions Of Privacy

J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals, says that the U.S. and Europe view privacy in different ways.

"Europeans think of it as a fundamental human right, connected to a sense of dignity," he says. "In the U.S., we think of it in terms of liberty and response to harm."

And, Hughes says, those differences shape the way the U.S. and Europe approach privacy-related laws. The Europeans take a more broad-based approach, while the U.S. tends to look at specific cases and how it might have an impact on the marketplace.

Impact Of NSA Revelations

Hughes says the revelations about the NSA could affect a free trade agreement being negotiated between the EU and the U.S. It could also, he says, increase momentum for the passage of an EU privacy directive that would replace one that dates to 1995.

That measure set a basic framework but left it up to individual member states to craft their own specific legislation.

"The directive is more a floor than a ceiling," says Joel Reidenberg, a professor at the Fordham University School of Law.

The new measure is considered more far-reaching. Here's The Times reporting about it in February:

"Several proposals would go well beyond the voluntary policies of companies like Google. They would require companies to obtain permission before collecting personal data and specify exactly what information will be collected and how it will be used. If asked, companies would have to provide users with data that has been collected about them and allow them to fix mistakes. One proposal would include a so-called 'right to be forgotten' that would make it mandatory for companies like Facebook to delete all information about users who want to wipe the slate clean."

U.S. technology firms oppose parts of the legislation. And the Financial Times reported last week that the Obama administration "successfully lobbied the European Commission to strip its data-privacy legislation of a measure that would have limited the ability of U.S. intelligence agencies to spy on EU citizens."

Hughes says such revelations could affect U.S. companies doing business in the EU.

"U.S. companies have long been criticized overseas on the basis of privacy concerns. Recent revelations haven't dispelled these myths/rumors/ideas," Hughes says. "One has to imagine that U.S. cloud service providers will find that privacy is being used as a differentiator against them in the years ahead."

Attitudes In Flux

Still, attitudes toward privacy may be changing even in those countries that have been touchy over the issue.

In Germany, a recent poll in Die Zeit newspaper showed about 40 percent of respondents supported the government's monitoring of Internet communications for security reasons. Indeed, Interior Minister Hans-Peter Freidrich said his government gets regular intelligence information from the U.S.

"We get very good and reliable information from our American friends and partners that has played an important role in the past in preventing attacks in Germany," he said last week in Berlin. "The Americans don't tell us, and we also don't tell our partners ... where this information comes from. That's the business of the respective agency."

In fact, NSA officials told lawmakers that the NSA programs thwarted terrorist plots in the U.S. and more than 20 countries.

"This is suggesting that some countries are outsourcing their data collection to the U.S., circumventing their own laws," says Reidenberg, the Fordham professor.

Meanwhile, amid the outrage over the surveillance, Der Spiegel magazine reported that Germany's intelligence agency was expanding Internet surveillance by launching a five-year, $133 million program to bolster its computing and server capacities — so it can do the kind of work being done by the NSA.